Disable csrf using Java config

Good day,

I am trying to learn Spring. I am currently doing this tutorial: http://spring.io/guides/gs/consuming-rest/

I followed all the instructions, however, when I try to launch the application, 403 Displays Disabled.

I searched the net and found out that it has to do with csrf protection. So, I continued searching the net how to disable csrf. Here is my Java config:

@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable();
    }
}

      

My question is, how do I use this configuration? Specifically, where in the code should I insert it?

Here are the other two classes as pointed out in the tutorial. They all belong to the same package (Hello).

@JsonIgnoreProperties(ignoreUnknown = true)
public class Page {
    private String name;
    private String about;
    private String phone;
    private String website;

    public String getName() {
        return name;
    }

    public String getAbout() {
        return about;
    }

    public String getPhone() {
        return phone;
    }

    public String getWebsite() {
        return website;
    }
}

public class Application {

    public static void main(String[] args) {
        RestTemplate restTemplate = new RestTemplate();
        Page page = restTemplate.getForObject("http://graph.facebook.com/pivotalsoftware", Page.class);
        System.out.println("Name:       " + page.getName());
        System.out.println("About:      " + page.getAbout());
        System.out.println("Phone:      " + page.getPhone());
        System.out.println("Website:    " + page.getWebsite());
    }

}

      

+3


source to share


2 answers


Add @Configuration

to class WebSecurityConfig

and it will auto scan when you start your Spring application. You don't need to write any code.

Here is the code with @Configuration



@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable();
    }
}

      

+1


source


Make sure your url is valid.



In my case the url was generated by the code and was in a different case, so I got a 403 forbidden error. Spend a lot of time trying to fix the issue by enabling Security Configuration.

0


source







All Articles